path: root/include/linux/netfilter/xt_hashlimit.h
Commit message | Author | Age | Files | Lines
* [NETFILTER]: xt_hashlimit match, revision 1 | Jan Engelhardt | 2008-01-31 | 1 | -5/+32
Introduces the xt_hashlimit match revision 1. It adds support for kernel-level inversion and grouping source and/or destination IP addresses, allowing to limit on a per-subnet basis. While this would technically obsolete xt_limit, xt_hashlimit is more expensive due to the hashbucketing.

Kernel-level inversion: Previously you had to do user-level inversion:

    iptables -N foo
    iptables -A foo -m hashlimit --hashlimit(-upto) 5/s -j RETURN
    iptables -A foo -j DROP
    iptables -A INPUT -j foo

now it is simpler:

    iptables -A INPUT -m hashlimit --hashlimit-over 5/s -j DROP

Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: Annotate start of kernel fields in NF headers | Jan Engelhardt | 2008-01-28 | 1 | -1/+1
Signed-off-by: Jan Engelhardt <jengelh@computergmbh.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
* [NETFILTER]: x_tables: add port of hashlimit match for IPv4 and IPv6 | Patrick McHardy | 2006-12-02 | 1 | -0/+40
Signed-off-by: Patrick McHardy <kaber@trash.net>